Fraud attacks move fast: Do your analytics keep up?
June 12th, 2017
Financial institutions (FIs) across the globe have lost more than $5B to business-email-compromise (BEC) social engineering attacks – with a 2,000% increase since 2015, according to the FBI. And this is just one type of fraud assailing the market today.
With numerous attacks that spread quickly and which produce severe financial losses, the financial services community is pressed to adopt innovative fraud strategies and solutions that offer fast-adapting analytics which enable earlier detection of market-wide attacks.
Today, FI’s are gaining ground on these rapidly moving fraud threats with detection systems that use advanced analytics to sift through mountains of data in order to find behavior anomalies that indicate fraud. These detection analytics take into consideration a vast array of what’s “normal” and what’s anomalous – ranging from detecting rooted devices to understanding unusual payment flow patterns.
Yet, when fraud threats quickly change, detection analytics must adapt their parameters to flag new risk indicators – and this has to happen quickly enough to keep up with the BEC-like threats sweeping the market.
The first step to this optimization is awareness. FI’s must continuously monitor the performance of analytics to understand when there is an uptick or change in fraud attempts. While many FIs conduct performance monitoring, most don’t do it often enough.
A new effort called ActimizeWatch, a cloud-based analytics optimization service, works to bring the benefits of the cloud and machine learning to this scenario. With ActimizeWatch, FIs continuously send anonymized transactional data to the cloud where analytics performance is constantly monitored, and intelligence is proactively gathered. This means earlier detection of changing fraud threats – before they take a wider hold in the institution.
Consortium View Provides Secure Intelligence Sharing
Ongoing transaction monitoring for a single FI is great, but when it can be conducted across institutions, we begin to gather a consortium view of fraud threats.
That kind of cross-institution monitoring can occur when FI’s send their data to the cloud, enabling us to aggregate anonymized data and look at patterns across organizations. That wider view means spotting changing fraud patterns earlier for single institutions, as well as for the larger group.
Importantly, looking at aggregated data also allows offers other benefits. For example, we can compare analytics performance among FIs in a specific peer group – such as mid-market North-American FIs. Using the case of the business email compromise scenario, we then potentially see a pattern of attacks moving specifically across these institutions. For those who fit into the peer group, but have yet to be hit, there would now be intelligence that they are sitting targets and proactive measures must be taken.
Maybe the most striking thing in running analytics across aggregated anonymized data, is that FIs would be able to share intelligence without exposing their customers’ data. That’s a big step for those organizations which may currently share intelligence informally, but which shy away from exposing that data which could give away a competitive edge.
Pushing Intelligence into Action
But gaining insight into changing fraud patterns – even when it’s across institutions – is only half the battle. Today, many FIs are members of intelligence sharing services from which they receive lists of bad devices and IP addresses, or risky regions or entities. But putting this intelligence into action can be a challenge.
One fraud director recently explained to me that he actually receives these intelligence updates in an email that gets buried under other incoming messages. Beyond that, he explained, there also must be a trust level in the shared intelligence, as well as a way to incorporate this data into detection systems. (ActimizeWatch shares insights via email advisories and provides dashboards – but most importantly, this intelligence is used to optimize individualized fraud detection analytics for delivery.)
Fraud will happen – that’s a given that no advanced analytics can change. But what we can change is the rapid spread of single fraud types, such as business email compromise. Fraudsters are smart, but they’re often repetitive – they launch the same attack until they’re caught, and then they innovate on the next round. Attacks which share payment patterns, risky regions, or beneficiaries – can and should be detected across the market.
In the end, consider if your current analytics keep up with the speed of fraud. Check your existing technology strategies, and look for developments that offer a new perspective by encouraging data sharing, which will help make meaningful improvements to your fraud detection strategy.